Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

umd-free-zone

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

umd-free-zone

Creates a define and exports free zone for your UMD scripts to safely register globally

  • 0.1.3
  • latest
  • Source
  • npm
  • Socket score

Version published
Maintainers
1
Created
Source

umd-free-zone

umd-free-zone is meant to prevent your UMD-compatible scripts from falling for unwanted global AMD and CommonJS shims.

Just add umd-free-zone/start.js before your scripts and umd-free-zone/end.js after them.

This will ensure your scripts register globally.

Example

Imagine you want to load the UMD compatible React from unpkg and intend for it to become a global (window.React).

Yet, you have an evil Mailchimp script that brutally exports a global define function, and you can't guarantee your React will load before the nasty AMD leak.

umd-free-zone to the rescue! Just add it before and after the scripts you want to become global.

Bad:

React will fall for the alien global define.

// Nasty script that globally defines a `define` function
<script src="https://downloads.mailchimp.com/js/signup-forms/popup/embed.js"></script>

<script src="https://unpkg.com/react@16.1.1/umd/react.production.min.js"></script>
<script> window.React // undefined! Ouch. </script>

Good:

Wrap your scripts in umd-free-zone start and end:

// Nasty script that globally defines a `define` function
<script src="https://downloads.mailchimp.com/js/signup-forms/popup/embed.js"></script>

<script src="https://unpkg.com/umd-free-zone@0.1.3/start.js"></script>
<script src="https://unpkg.com/react@16.1.1/umd/react.production.min.js"></script>
<script> window.React // undefined! Ouch. </script>
<script src="https://unpkg.com/umd-free-zone@0.1.3/end.js"></script>

// The leaky AMD works as usual from here onwards, if you want it to.

FAQs

Package last updated on 16 Jan 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc